CVE-2017-16067

Name of the Vulnerable Software and Affected Versions: node-opencv versions all

Description: The issue concerns a malicious module named node-opencv, which was designed to hijack environment variables and send them to attacker-controlled locations. All versions of this module have been unpublished from the npm registry.

Recommendations: Delete the node-opencv package Clear your npm cache Ensure it is not present in any other package.json files on your system Regenerate your registry credentials, tokens, and any other sensitive credentials that may have been present in your environment variables Review any service which may have been exposed via credentials in your environment variables, such as a database, for indicators of compromise.